by lemax
1426 days ago
It's possible to implement this without creating new connections to the database for each request by using SET LOCAL and wrapping every query in a transaction. Instead of applying RLS based on the current user, you apply RLS based on the parameter value you set at the beginning of the transaction. You can set this parameter value based on the user session in your application. Your RLS policy looks as follows:

  CREATE POLICY tenant_${tableName}_isolation_policy ON "${tableName}"
  USING ("tenant_id" = current_setting('app.current_tenant'));

Your queries look something like this:

  BEGIN TRANSACTION;
  SET LOCAL app.current_tenant = '${tenant}';
  SELECT * FROM some_table;
  END TRANSACTION;

You can even initialize your writes with a `tenant_id` column defaulted to your `current_setting('app.current_tenant')`.
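An end-to-end version of the setup described in this comment, as an added example that is not part of the original comment. It passes the tenant as a bind parameter through `set_config(..., true)`, the function form of SET LOCAL, because SET LOCAL itself cannot take bind parameters and interpolating `'${tenant}'` into the statement text is an injection risk. The role `app_user`, the `payload` column, the `text` type of `tenant_id` and the tenant names are assumptions made for the example.

```sql
-- Added example: constructed schema and tenant names, PostgreSQL syntax.
CREATE ROLE app_user NOLOGIN;            -- hypothetical unprivileged application role

CREATE TABLE some_table (
    id        bigserial PRIMARY KEY,
    -- Writes pick up the tenant from the transaction-local setting.
    -- current_setting() raises an error when the parameter was never set,
    -- so an insert without a tenant context fails instead of being mislabeled.
    tenant_id text NOT NULL DEFAULT current_setting('app.current_tenant'),
    payload   text
);

GRANT SELECT, INSERT ON some_table TO app_user;
GRANT USAGE ON SEQUENCE some_table_id_seq TO app_user;

ALTER TABLE some_table ENABLE ROW LEVEL SECURITY;
-- Without FORCE, the table owner bypasses the policy; superusers and
-- roles with BYPASSRLS always bypass it, so the application must not use one.
ALTER TABLE some_table FORCE ROW LEVEL SECURITY;

CREATE POLICY tenant_some_table_isolation_policy ON some_table
    USING      (tenant_id = current_setting('app.current_tenant'))   -- rows visible to reads
    WITH CHECK (tenant_id = current_setting('app.current_tenant'));  -- rows accepted on write

-- One pooled connection serving two tenants in turn.
SET ROLE app_user;

-- The tenant arrives as parameter $1, never as part of the SQL text.
-- Third argument true = is_local: the value is discarded at COMMIT/ROLLBACK.
PREPARE set_tenant(text) AS
    SELECT set_config('app.current_tenant', $1, true);

BEGIN;
EXECUTE set_tenant('tenant_a');
INSERT INTO some_table (payload) VALUES ('row written by tenant_a');
COMMIT;

BEGIN;
EXECUTE set_tenant('tenant_b');
-- The policy restricts this read to rows whose tenant_id is 'tenant_b'.
SELECT id, tenant_id, payload FROM some_table;
-- An explicit tenant_id that differs from the setting violates WITH CHECK.
INSERT INTO some_table (tenant_id, payload) VALUES ('tenant_a', 'cross-tenant write');
ROLLBACK;
```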